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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims 

1 . (Currently Amended) An Application Gateway Module (2) suitable for 
use in a telecommunication system wherein a service network (20) authenticates a user 
(4^-9) and authorizes authoris e s the user for accessing a service (§i-§) offered by a 
service provider (SO), the Application Gateway Module (2) arranged for intercepting (4- 
2,H ; I 2x, I 4x) application messages between the user and the service and for 
identifying said user and said service, and including: 

- means for obtaining an authorization authorisat i on decision (1 3 ;l 3x) on 
whether the user is allowed to access the service ; 

the Application Gateway Module (2) charact e ris e d by comprising: 

- means for assigning a service session identifier (Sorvic o Contoxt I D) intended to 
identify those application messages exchanged between the user and the service and 
that belong to a same service delivery authorized authoris e d for said user: 

- means for configuring a first finite-state machine (SCSM) with a number of 
status intended to identify specific events in service delivery where service progression 
can be controlled; and 

- means for activating service policies (SF) applicable to said specific events and 
resulting in a state transition. 

2. (Currently Amended) The Application Gateway Module of claim 1 , 
wherein the means for assigning a service session identifier (Serv i c e Cont e xt I D) include 
means for initiating a specific instance of the first finite-state machine (SCSM) , said 
specific instance being identified by the assigned service session identifier 
(SorvicoContoxtID) . 
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3. (Currently Amended) The Application Gateway Module of claim 2, 
wherein the means for activating service policies (SF) include means for setting at least 
one element selected from a non-exhaustive list of references and attributes that 
comprises: a number of message field values to match, a number of specific actions to 
carry out on matching, a number of timer values to run, and a number of transactions to 
supervise. 

4. (Currently Amended) The Application Gateway Module of claim 2, 
wherein the means for activating service policies (SF) include means for activating a 
global service policy independently of any service delivery in progress. 

5. (Currently Amended) The Application Gateway Module of claim 2, 
wherein the means for activating service policies (SF) include means for initiating an 
instance of a global service policy to apply as an individual service policy within a 
specific instance of the first finite-state machine (SCSM) , the individual service policy 
inheriting references and attributes from the global service policy. 

6. (Currently Amended) The Application Gateway Module of claim 5. 
further comprising means for overwriting references and attributes of an individual 
service policy with new references and attributes during a service progression handled 
within a specific instance of the first finite- state machine (SCSM) . 

7. (Currently Amended) The Application Gateway Module of claim 5, 
wherein a particular state is associated with a number of individual service policies fSF- 
31; SF 32) within a specific instance of the first finite-state machine (S CSM) , said 
instance identified by a given service session identifier (S e rvio e Cont e xt I D) . 

8. (Currently Amended) The Application Gateway Module of claim 2, 
wherein the means for obtaining an authorization author i sat i on decision include means 
for requesting a service authorization authorisat i on from an Authorization Author i sat i on 
Module (3) as cla i mod in claim 15 . 
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9. (Currently Amended) The Application Gateway Module of claim 8, 
wherein the means for activating service policies (SF) include means for receiving from 
the Authorization Autho ri s ation Module (3) at least one element applicable to set a 
service policy, the element selected from a non-exhaustive list of references and 
attributes that comprises: a number of message field values to match, a number of 
specific actions to carry out on matching, a number of timer values to run, and a number 
of transactions to supervise. 

1 0. (Currently Amended) The Application Gateway Module of claim 8, 
wherein the means for activating service policies (SF) includes means for receiving a 
global service policy from the Authorization Authorisation Module (3). 

1 1 . (Currently Amended) The Application Gateway Module of claim 8, 
further comprising means for receiving references and attributes from the Authorization 
Author i sat i on Module (3) applicable to overwrite an individual service policy with new 
references and attributes during a service progression handled within a specific 
instance of the first finite-state machine (SCSM) . 

12. (Currently Amended) The Application Gateway Module of claim 8, 
further comprising means for notifying to the Authorization Authoris a tion Module (3) a 
specific event in service progression. 

1 3. (Currently Amended) The Application Gateway Module of claim 8. 
further comprising means for requesting from the Authorization Author i sat i on Module (3) 
a further processing to determine an appropriate action to go on with the service 
progression. 

14. (Currently Amended) The Application Gateway Module of claim 1 3, 
further comprising means for receiving from the Authorization Author i sat i on Module (3) 
an instruction selected from: access granted without restriction, another service 
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(serv i c e TER) to substitute a previous service requested (s e rv i c e B I S) , forced logout, and 
indication of a state transition. 

15. (Currently Amended) An Authorization Author i sat i on Module (3) 
suitable for use in a telecommunication system wherein a service network (20) 
authenticates a user (4^-9) and authorizes authorises the user for accessing a service 
(5; 6) offered by a service provider (30), the Authorization Author i s a t i on Module 
arranged for deciding whether a user (4^9) is allowed to access a service (§i-§) and 
having: 

- means for receiving a service authorization authorisation request (S 511) from 
an Application Gateway Module (2) as claimed in claim 1 ; and 

- means for returning back to the Application Gateway Module (2) a response on 
whether the user (1; 9) is granted access to the requested service (5; 6) ; 

the Authorization Aut horis a tion Module (3) charact e r i s e d by comprising : 

- means for generating a service session identifier (S e rv i c e Cont e xt I D) intended 
to correlate those application messages exchanged between the user and the service 
and that belong to a same service delivery authorized author i s e d for said user; 

- means for configuring a second finite-state machine (SPSM) with a number of 
status intended to identify specific events in service progression where the Authorization 
Authoris a t i on Module can act over the Application Gateway Module to control the 
service progression: and 

- means for determining service policies (SP) applicable to said specific events 
and resulting in a state transition. 

1 6. (Currently Amended) The Authorization Author i sat i on Module of 
claim 15, wherein the means for generating a service session identifier 
(S e rv i c e ~Gont e xt~ I D) comprise means for including said service session identifier 
(S e rv i c e Cont e xt I D) in the response (S 512) to be returned to the Application Gateway 
Module (2) on whether the user (1; 9) is granted access to the requested service (5; 6) . 
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1 7. (Currently Amended) The Authorization Authorisat i on Module of 
claim 16, wherein the means for generating a service session identifier (S e rv i c e 
Contoxt-ID) includes means for initiating a specific instance of the second finite-state 
machine (SPSM) , said specific instance being identified by said service session 
identifier (S o rvic e Cont e xtID) . 

18. (Currently Amended) The Authorization Author i sat i on Module of 
claim 17, wherein a particular state is associated with a number of service policies 
within a specific instance of the second finite- state machine (SPSM) , said instance 
identified by a given service session identifier (S e rvic e Cont e xtID) . 

19. (Currently Amended) The Authorization Author i sat i on Module of 
claim 15, wherein the means for determining service policies (SF) comprise means for 
including in the response (S 512) towards the Application Gateway Module (2-) at least 
one information element to activate a service policy (SF 2) within a specific state in the 
Application Gateway Module, said at least one information element selected from a non- 
exhaustive list Rist of references and attributes that comprises: 

- a number of message field values (Ana l yse I nfo SF valu e ;Logout SF valu e ) to 

match; 

- a set of actions to carry out on matching a given message field value ; 

- a number of new timer values (T i m e out - valu e ) to run; and 

- a number of transactions to supervise. 

20. (Currently Amended) The Authorization Author i sation Module of 
claim 19. wherein the means for including in the response (S 512) towards the 
Application Gateway Module (2) at least one information element to activate a service 
policy include means for indicating that this is a global service policy to apply 
independently of any service delivery in progress. 

21 . (Currently Amended) The Authorization Authorisati on Module of 
claim 16, further comprising means for receiving a notification, from an Application 
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Gateway Module (2) as c l a i m e d in claim 1, indicating a specific event detected in 
service progression. 

22. (Currently Amended) The Authorization Authorisat i on Module of 
claim 16. further comprising means for receiving a request, from an Application 
Gateway Module (2) as c l aimed in claim 1 , asking for an instruction to proceed with a 
service progression. 

23. (Currently Amended) The Authorization Authorisation Module of 
claim 22. further comprising means for sending towards the Application Gateway 
Module {2) an instruction selected from: access granted without restriction, another 
service (s e rv i c e TER) to substitute a previous service requested (servic e BIS) , forced 
logout, and indication of a state transition. 

24. (Currently Amended) The Authorization Author i sat i on Module of 
claim 16, further comprising means for receiving an application message ( l- 7x; l- 8x) 
from at least one entity selected from a number of application servers (7; 8) and 
provisioning systems, the application message including a given service session 
identifier (S o rviceContoxt I D) intended to identify a specific instance of the second finite- 
state machine (SPSM ) in the Authorisation Module (3). 

25. (Currently Amended) A method for authorizing authorising a user fH 
9) of a service network (2-0) to access a service offered by a service server (§f£) of a 
service provider (30), the user (1; 9) already authenticated by the service network, the 
server (5; 6) arranged to deliver a service that comprises a plurality of transactions by 
exchanging a plurality of application messages with the user 44^-9), the method 
comprising the steps of a st e p of : 

- obtaining a first authorization authorisat i on decision (1 - 3 ; l- 3x) on whether the 
user is allowed to access the service; 

th e method charact e r i sed by compr i s i ng th e st e ps of: 
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- generating and assigning a service session identifier (S e rvic e Cont e xt I D) 
intended to identify those application messages exchanged between the user and the 
service and that belong to a same service delivery authorized authori s ed for said user; 

- configuring at least one finite-state machine (SCSM; SPSM) with a number of 
status intended to identify specific events in service delivery where service progression 
can be controlled; and 

- activating service policies (SF) applicable to said specific events and resulting 
in a state transition. 

26. (Currently Amended) The method of claim 25, wherein the step of 
generating and assigning a service session identifier (S e rv i c e Cont e xtID) includes a step 
of initiating a specific instance of the at least one finite-state machine (SPSM; SCSM) , 
said specific instance being identified by the assigned service session 
identifier (Sorv i c o Cont o xtlD) . 

27. (Currently Amended) The method of claim 26, wherein a particular 
state within the specific instance of the at least one finite-state machine (SCSM; SPSM) 
is associated with a number of service policies (SF 1 ; SF - 2; SF - 31; SF - 32) . 

28. (Currently Amended) The method of claim 25, wherein the step of 
activating service policies (SF) includes a step of setting at least one element selected 
from a non-exhaustive list of references and attributes that comprises: a number of 
message field values to match, a number of specific actions to carry out on matching, a 
number of timer values to run, and a number of transactions to supervise. 

29. (Currently Amended) The method of claim 25, further comprising a 
step of receiving at the service network (2-0) an application message originated at an 
entity selected from: a number of service servers (5; 6) of a service provider(30) and a 
number of entities of a provisioning system, the application message including a given 
service session identifier (S e rvic e Cont e xtID) intended to identify a specific instance of 
the at least one finite-state machine (SCSM; SPSM) . 
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30. (Currently Amended) The method of claim 25, wherein the step of 
configuring at least one finite-state machine further comprises a st e p of configuring a 
first finite-state machine (SCSM) in an Application Gateway Module (2) as claimed in 
claim 1, and a st e p of configuring a second finite-state machine (SPSM) in an 
Authorization Authoris at ion Module (3) as claim ed in claim 15 . 
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